cleantalk
Vulnerabilities and Security Researches

WooCommerce, CVE-2018-20714

CVE, Research URL

CVE-2018-20714

Home page URL

Security reports for WooCommerce

Application

WooCommerce

Published on
Jan 15, 2019
Research Description
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.
Affected versions
Min -, max 3.4.6.
Status
vulnerable
Previous vulnerability researches
WooCommerce Checkout Field Manager (CVE-2022-4328) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2021-24952) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2022-46797) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2025-30909) , Apr 02, 2025
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2023-51357) , Jun 10, 2024
New vulnerability
Music Player for Elementor – Audio Player & Podcast Player (CVE-2025-5340) , Jun 03, 2025
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis (CVE-2025-4631) , Jun 03, 2025
FastSpring (CVE-2025-4595) , Jun 02, 2025
Real Time Validation for Gravity Forms (CVE-2025-48330) , Jun 02, 2025
EU/UK VAT Manager for WooCommerce (CVE-2025-47504) , Jun 02, 2025